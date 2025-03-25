Wirespeed set out to automate and streamline the traditionally human-heavy process of detecting and responding to network intrusions. It addressed critical security challenges like detecting and stopping suspicious user logins, including those involving impossible travel. In cybersecurity, "impossible travel" refers to a scenario in which a single user account logs in from two geographically distant locations in too short a time to be physically possible. However, inaccurate or incomplete IP data undermines the reliability of impossible travel alerts. Prior to adopting IPinfo, Wirespeed faced:
Without deeper, more accurate context, Wirespeed risked alert fatigue for its clients, making automated threat detection and the impossible travel use case less reliable or untrustworthy.
"We work with all the leading security providers, but the location data they include is often so inaccurate that we couldn't automate effectively. IPinfo solved a major accuracy gap and made impossible travel events and other automated threat detection truly viable."
Jake Reynolds and his team knew better geolocation and IP enrichment data would be essential to automating impossible travel alerts and identifying other threats. While evaluating data providers, Wirespeed found that most open databases or legacy IP intelligence vendors had outdated, inaccurate data. They needed a solution that:
After comparing several IP data sources—such as MaxMind and various open datasets—Wirespeed saw that none could match IPinfo's thoroughness and accuracy.
"We integrated IPinfo in five minutes. It was easy to test and delivered precise results from the start. It just worked, and we haven't touched the integration since. It's a simple API, the data is well documented, well formatted, the API key and rate limits make perfect sense. I've had to spend hours on other APIs just to figure out pagination. With IPinfo, it's straightforward. I wouldn't even call it onboarding"
Wirespeed integrated IPinfo's privacy and geolocation APIs into its MDR platform, automating the detection of suspicious login attempts and security events. The solution involved enriching login event logs with IP geolocation and privacy details, allowing automated alerts for unusual access patterns. The new workflow has made advanced threat detection and impossible travel truly operational at scale:
With these improvements, Wirespeed created a truly automated solution for detecting and responding to security threats in real-time.
"We feed in a single IP address and get back location, privacy flags like Tor usage, and company or abuse contacts. That has been huge for kicking out malicious logins. In our first week, we caught someone logging in from Kentucky, but the abuse contact was based in Shanghai. This client had zero business in Asia, so we kicked them out in under 200 seconds—far faster than a typical SOC, which can take tens of minutes to hours. We later discovered it was a Russian hacker trying to transfer money. Thanks to IPinfo's data, we were able to stop it within about 90 seconds."
By harnessing IPinfo's privacy and geolocation data, Wirespeed delivers on its promise of automating threat detection—especially for notoriously difficult impossible travel scenarios. For security teams struggling to distinguish between a routine VPN switch and a genuine malicious intrusion, the combination of Wirespeed's next-generation MDR and IPinfo's accurate IP data creates a game-changing edge in cybersecurity.
Thanks to IPinfo's accuracy, Wirespeed has significantly lowered escalations for suspicious login events. What used to be an endless stream of false positives now becomes targeted, meaningful alerts.
"We track something we call 'meantime to verdict'—from the moment an alert hits our API to the time we decide on an action. A human-led SOC might need minutes or hours, but we operate in milliseconds. IPinfo is part of that pipeline, and we've never once seen an outage or slowdown. Meanwhile, some big-name vendors go down every Sunday for maintenance, which is maddening. Thanks to IPinfo, we can stay under one second, because it provides the critical context we need."
By integrating IPinfo's real-time geolocation and privacy data, Wirespeed revolutionized its ability to detect and respond to suspicious login attempts. This improvement significantly reduced manual verification efforts and false positives while delivering on its core promise of achieving a mean time to verdict in under one second. With IPinfo's accurate data pipeline, Wirespeed ensured faster and more reliable threat detection, creating a scalable solution for even the most complex cybersecurity challenges.
Wirespeed plans to expand its data ingestion capabilities by integrating IPinfo's residential proxy dataset and dynamic IP metadata, such as historical activity tracking.
"IPinfo's data has become an irreplaceable part of our platform. It powers detection capabilities we couldn't achieve with other providers. IPinfo's data keep evolving, and we're excited to explore new use cases that could further enhance our threat detection system."
